internal static NetworkInterfaceAssociation DeserializeNetworkInterfaceAssociation(JsonElement element)
{
Optional <IReadOnlyList <SecurityRuleData> > securityRules = default;
ResourceIdentifier id = default;
foreach (var property in element.EnumerateObject())
{
if (property.NameEquals("securityRules"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
List <SecurityRuleData> array = new List <SecurityRuleData>();
foreach (var item in property.Value.EnumerateArray())
{
array.Add(SecurityRuleData.DeserializeSecurityRuleData(item));
}
securityRules = array;
continue;
}
if (property.NameEquals("id"))
{
id = property.Value.GetString();
continue;
}
}
return(new NetworkInterfaceAssociation(id, Optional.ToList(securityRules)));
}
internal static SecurityRuleListResult DeserializeSecurityRuleListResult(JsonElement element)
{
Optional <IReadOnlyList <SecurityRuleData> > value = default;
Optional <string> nextLink = default;
foreach (var property in element.EnumerateObject())
{
if (property.NameEquals("value"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
List <SecurityRuleData> array = new List <SecurityRuleData>();
foreach (var item in property.Value.EnumerateArray())
{
array.Add(SecurityRuleData.DeserializeSecurityRuleData(item));
}
value = array;
continue;
}
if (property.NameEquals("nextLink"))
{
nextLink = property.Value.GetString();
continue;
}
}
return(new SecurityRuleListResult(Optional.ToList(value), nextLink.Value));
}
SecurityRule IOperationSource <SecurityRule> .CreateResult(Response response, CancellationToken cancellationToken)
{
using var document = JsonDocument.Parse(response.ContentStream);
var data = SecurityRuleData.DeserializeSecurityRuleData(document.RootElement);
return(new SecurityRule(_armClient, data));
}
public async Task VerifyIpFlowApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("azsmnet");
string location = "westus2";
var resourceGroup = await CreateResourceGroup(resourceGroupName, location);
string virtualMachineName1 = Recording.GenerateAssetName("azsmnet");
string networkInterfaceName1 = Recording.GenerateAssetName("azsmnet");
string networkSecurityGroupName = virtualMachineName1 + "-nsg";
//Deploy VM with a template
var vm = await CreateWindowsVM(virtualMachineName1, networkInterfaceName1, location, resourceGroup);
//TODO:There is no need to perform a separate create NetworkWatchers operation
//Create network Watcher
//string networkWatcherName = Recording.GenerateAssetName("azsmnet");
//NetworkWatcher properties = new NetworkWatcher { Location = location };
//await networkWatcherContainer.CreateOrUpdateAsync(resourceGroupName, networkWatcherName, properties);
string localIPAddress = GetNetworkInterfaceContainer(resourceGroupName).GetAsync(networkInterfaceName1).Result.Value.Data.IpConfigurations.FirstOrDefault().PrivateIPAddress;
string securityRule1 = Recording.GenerateAssetName("azsmnet");
// Add a security rule
var SecurityRule = new SecurityRuleData()
{
Name = securityRule1,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = "80",
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "*",
};
var networkSecurityGroupContainer = GetNetworkSecurityGroupContainer(resourceGroupName);
Response <NetworkSecurityGroup> nsg = await networkSecurityGroupContainer.GetAsync(networkSecurityGroupName);
nsg.Value.Data.SecurityRules.Add(SecurityRule);
var createOrUpdateOperation = await networkSecurityGroupContainer.CreateOrUpdateAsync(networkSecurityGroupName, nsg.Value.Data);
await createOrUpdateOperation.WaitForCompletionAsync();;
VerificationIPFlowParameters ipFlowProperties = new VerificationIPFlowParameters(vm.Id, "Outbound", "TCP", "80", "80", localIPAddress, "12.11.12.14");
//Verify IP flow from a VM to a location given the configured rule
var verifyIpFlowOperation = await GetNetworkWatcherContainer("NetworkWatcherRG").Get("NetworkWatcher_westus2").Value.VerifyIPFlowAsync(ipFlowProperties);
Response <VerificationIPFlowResult> verifyIpFlow = await verifyIpFlowOperation.WaitForCompletionAsync();;
//Verify validity of the result
Assert.AreEqual("Deny", verifyIpFlow.Value.Access.ToString());
Assert.AreEqual("securityRules/" + securityRule1, verifyIpFlow.Value.RuleName);
}
private void CompareSecurityRule(SecurityRuleData rule1, SecurityRuleData rule2)
{
Assert.AreEqual(rule1.Name, rule2.Name);
Assert.AreEqual(rule1.Etag, rule2.Etag);
Assert.AreEqual(rule1.Access, rule2.Access);
Assert.AreEqual(rule1.Description, rule2.Description);
Assert.AreEqual(rule1.DestinationAddressPrefix, rule2.DestinationAddressPrefix);
Assert.AreEqual(rule1.DestinationPortRange, rule2.DestinationPortRange);
Assert.AreEqual(rule1.Direction, rule2.Direction);
Assert.AreEqual(rule1.Protocol, rule2.Protocol);
Assert.AreEqual(rule1.ProvisioningState, rule2.ProvisioningState);
Assert.AreEqual(rule1.SourceAddressPrefix, rule2.SourceAddressPrefix);
Assert.AreEqual(rule1.SourcePortRange, rule2.SourcePortRange);
}
public async Task SecurityRuleWithRulesApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("csmrg");
string location = TestEnvironment.Location;
var resourceGroup = await CreateResourceGroup(resourceGroupName);
string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet");
string securityRule1 = Recording.GenerateAssetName("azsmnet");
string securityRule2 = Recording.GenerateAssetName("azsmnet");
string destinationPortRange = "123-3500";
NetworkSecurityGroupData networkSecurityGroup = new NetworkSecurityGroupData()
{
Location = location,
SecurityRules =
{
new SecurityRuleData()
{
Name = securityRule1,
Access = SecurityRuleAccess.Allow,
Description = "Test security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Inbound,
Priority = 500,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "655"
}
}
};
// Put Nsg
var networkSecurityGroupContainer = resourceGroup.GetNetworkSecurityGroups();
var putNsgResponseOperation = await networkSecurityGroupContainer.CreateOrUpdateAsync(networkSecurityGroupName, networkSecurityGroup);
Response <NetworkSecurityGroup> putNsgResponse = await putNsgResponseOperation.WaitForCompletionAsync();;
Assert.AreEqual("Succeeded", putNsgResponse.Value.Data.ProvisioningState.ToString());
// Get NSG
Response <NetworkSecurityGroup> getNsgResponse = await networkSecurityGroupContainer.GetAsync(networkSecurityGroupName);
Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Data.Name);
// Get SecurityRule
Response <SecurityRule> getSecurityRuleResponse = await getNsgResponse.Value.GetSecurityRules().GetAsync(securityRule1);
Assert.AreEqual(securityRule1, getSecurityRuleResponse.Value.Data.Name);
CompareSecurityRule(getNsgResponse.Value.Data.SecurityRules[0], getSecurityRuleResponse.Value.Data);
// Add a new security rule
var securityRule = new SecurityRuleData()
{
Name = securityRule2,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Udp,
SourceAddressPrefix = "*",
SourcePortRange = "656",
};
var putSecurityRuleResponseOperation = await getNsgResponse.Value.GetSecurityRules().CreateOrUpdateAsync(securityRule2, securityRule);
Response <SecurityRule> putSecurityRuleResponse = await putSecurityRuleResponseOperation.WaitForCompletionAsync();;
Assert.AreEqual("Succeeded", putSecurityRuleResponse.Value.Data.ProvisioningState.ToString());
// Get NSG
getNsgResponse = await networkSecurityGroupContainer.GetAsync(networkSecurityGroupName);
// Get the SecurityRule2
Response <SecurityRule> getSecurityRule2Response = await getNsgResponse.Value.GetSecurityRules().GetAsync(securityRule2);
Assert.AreEqual(securityRule2, getSecurityRule2Response.Value.Data.Name);
// Verify the security rule
Assert.AreEqual(SecurityRuleAccess.Deny, getSecurityRule2Response.Value.Data.Access);
Assert.AreEqual("Test outbound security rule", getSecurityRule2Response.Value.Data.Description);
Assert.AreEqual("*", getSecurityRule2Response.Value.Data.DestinationAddressPrefix);
Assert.AreEqual(destinationPortRange, getSecurityRule2Response.Value.Data.DestinationPortRange);
Assert.AreEqual(SecurityRuleDirection.Outbound, getSecurityRule2Response.Value.Data.Direction);
Assert.AreEqual(501, getSecurityRule2Response.Value.Data.Priority);
Assert.AreEqual(SecurityRuleProtocol.Udp, getSecurityRule2Response.Value.Data.Protocol);
Assert.AreEqual("Succeeded", getSecurityRule2Response.Value.Data.ProvisioningState.ToString());
Assert.AreEqual("*", getSecurityRule2Response.Value.Data.SourceAddressPrefix);
Assert.AreEqual("656", getSecurityRule2Response.Value.Data.SourcePortRange);
CompareSecurityRule(getNsgResponse.Value.Data.SecurityRules[1], getSecurityRule2Response.Value.Data);
// List all SecurityRules
AsyncPageable <SecurityRule> getsecurityRulesAP = getNsgResponse.Value.GetSecurityRules().GetAllAsync();
List <SecurityRule> getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync();
Assert.AreEqual(2, getsecurityRules.Count());
CompareSecurityRule(getNsgResponse.Value.Data.SecurityRules[0], getsecurityRules.ElementAt(0).Data);
CompareSecurityRule(getNsgResponse.Value.Data.SecurityRules[1], getsecurityRules.ElementAt(1).Data);
// Delete a SecurityRule
await getSecurityRule2Response.Value.DeleteAsync();
getsecurityRulesAP = getNsgResponse.Value.GetSecurityRules().GetAllAsync();
getsecurityRules = await getsecurityRulesAP.ToEnumerableAsync();
Has.One.EqualTo(getsecurityRules);
// Delete NSG
await getNsgResponse.Value.DeleteAsync();
// List NSG
AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = networkSecurityGroupContainer.GetAllAsync();
List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync();
Assert.IsEmpty(listNsgResponse);
}
public async Task ViewNsgRuleApiTest()
{
string resourceGroupName = Recording.GenerateAssetName("azsmnet");
string location = "westus2";
var resourceGroup = await CreateResourceGroup(resourceGroupName, location);
string virtualMachineName = Recording.GenerateAssetName("azsmnet");
string networkInterfaceName = Recording.GenerateAssetName("azsmnet");
string networkSecurityGroupName = virtualMachineName + "-nsg";
//Deploy VM with template
var vm = await CreateLinuxVM(virtualMachineName, networkInterfaceName, location, resourceGroup);
//TODO:There is no need to perform a separate create NetworkWatchers operation
//Create network Watcher
//string networkWatcherName = Recording.GenerateAssetName("azsmnet");
//NetworkWatcherResource properties = new NetworkWatcherResource { Location = location };
//Response<NetworkWatcherResource> createNetworkWatcher = await networkWatcherCollection.CreateOrUpdateAsync(true, resourceGroupName, networkWatcherName, properties);
string localIPAddress = GetNetworkInterfaceCollection(resourceGroupName).GetAsync(networkInterfaceName).Result.Value.Data.IPConfigurations.FirstOrDefault().PrivateIPAddress;
string securityRule1 = Recording.GenerateAssetName("azsmnet");
// Add a security rule
var securityRule = new SecurityRuleData()
{
Name = securityRule1,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = "80",
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "*",
};
var networkSecurityGroupCollection = GetNetworkSecurityGroupCollection(resourceGroupName);
Response <NetworkSecurityGroupResource> nsg = await networkSecurityGroupCollection.GetAsync(resourceGroupName, networkSecurityGroupName);
nsg.Value.Data.SecurityRules.Add(securityRule);
var createOrUpdateOperation = await networkSecurityGroupCollection.CreateOrUpdateAsync(WaitUntil.Completed, networkSecurityGroupName, nsg.Value.Data);
Response <NetworkSecurityGroupResource> networkSecurityGroup = await createOrUpdateOperation.WaitForCompletionAsync();;
//Get view security group rules
var viewNSGRulesOperation = await GetNetworkWatcherCollection("NetworkWatcherRG").Get("NetworkWatcher_westus2").Value.GetVmSecurityRulesAsync(WaitUntil.Completed, new SecurityGroupViewParameters(vm.Id));
Response <SecurityGroupViewResult> viewNSGRules = await viewNSGRulesOperation.WaitForCompletionAsync();;
//Verify effective security rule defined earlier
IEnumerable <EffectiveNetworkSecurityRule> getEffectiveSecurityRule = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.EffectiveSecurityRules.Where(x => x.Name == "UserRule_" + securityRule1);
Assert.AreEqual("Tcp", getEffectiveSecurityRule.FirstOrDefault().Protocol);
Assert.AreEqual(501, getEffectiveSecurityRule.FirstOrDefault().Priority);
Assert.AreEqual("Deny", getEffectiveSecurityRule.FirstOrDefault().Access);
Assert.AreEqual("Outbound", getEffectiveSecurityRule.FirstOrDefault().Direction);
Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("80-80", getEffectiveSecurityRule.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("0.0.0.0/0", getEffectiveSecurityRule.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("0-65535", getEffectiveSecurityRule.FirstOrDefault().SourcePortRange);
//Verify 6 default rules
IEnumerable <SecurityRuleData> getDefaultSecurityRule1 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetInBound");
Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().Protocol);
Assert.AreEqual(65000, getDefaultSecurityRule1.FirstOrDefault().Priority);
Assert.AreEqual("Allow", getDefaultSecurityRule1.FirstOrDefault().Access);
Assert.AreEqual("Inbound", getDefaultSecurityRule1.FirstOrDefault().Direction);
Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("VirtualNetwork", getDefaultSecurityRule1.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule1.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRuleData> getDefaultSecurityRule2 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowAzureLoadBalancerInBound");
Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().Protocol);
Assert.AreEqual(65001, getDefaultSecurityRule2.FirstOrDefault().Priority);
Assert.AreEqual("Allow", getDefaultSecurityRule2.FirstOrDefault().Access);
Assert.AreEqual("Inbound", getDefaultSecurityRule2.FirstOrDefault().Direction);
Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("AzureLoadBalancer", getDefaultSecurityRule2.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule2.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRuleData> getDefaultSecurityRule3 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllInBound");
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().Protocol);
Assert.AreEqual(65500, getDefaultSecurityRule3.FirstOrDefault().Priority);
Assert.AreEqual("Deny", getDefaultSecurityRule3.FirstOrDefault().Access);
Assert.AreEqual("Inbound", getDefaultSecurityRule3.FirstOrDefault().Direction);
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRule3.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRuleData> getDefaultSecurityRuleData4 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowVnetOutBound");
Assert.AreEqual("*", getDefaultSecurityRuleData4.FirstOrDefault().Protocol);
Assert.AreEqual(65000, getDefaultSecurityRuleData4.FirstOrDefault().Priority);
Assert.AreEqual("Allow", getDefaultSecurityRuleData4.FirstOrDefault().Access);
Assert.AreEqual("Outbound", getDefaultSecurityRuleData4.FirstOrDefault().Direction);
Assert.AreEqual("VirtualNetwork", getDefaultSecurityRuleData4.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRuleData4.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("VirtualNetwork", getDefaultSecurityRuleData4.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRuleData4.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRuleData> getDefaultSecurityRuleData5 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "AllowInternetOutBound");
Assert.AreEqual("*", getDefaultSecurityRuleData5.FirstOrDefault().Protocol);
Assert.AreEqual(65001, getDefaultSecurityRuleData5.FirstOrDefault().Priority);
Assert.AreEqual("Allow", getDefaultSecurityRuleData5.FirstOrDefault().Access);
Assert.AreEqual("Outbound", getDefaultSecurityRuleData5.FirstOrDefault().Direction);
Assert.AreEqual("Internet", getDefaultSecurityRuleData5.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRuleData5.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("*", getDefaultSecurityRuleData5.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRuleData5.FirstOrDefault().SourcePortRange);
IEnumerable <SecurityRuleData> getDefaultSecurityRuleData6 = viewNSGRules.Value.NetworkInterfaces.FirstOrDefault().SecurityRuleAssociations.DefaultSecurityRules.Where(x => x.Name == "DenyAllOutBound");
Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().Protocol);
Assert.AreEqual(65500, getDefaultSecurityRuleData6.FirstOrDefault().Priority);
Assert.AreEqual("Deny", getDefaultSecurityRuleData6.FirstOrDefault().Access);
Assert.AreEqual("Outbound", getDefaultSecurityRuleData6.FirstOrDefault().Direction);
Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().DestinationAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().DestinationPortRange);
Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().SourceAddressPrefix);
Assert.AreEqual("*", getDefaultSecurityRuleData6.FirstOrDefault().SourcePortRange);
}
public async Task NetworkSecurityGroupWithRulesApiTest()
{
Subscription subscription = await ArmClient.GetDefaultSubscriptionAsync();
string resourceGroupName = Recording.GenerateAssetName("csmrg");
string location = TestEnvironment.Location;
var resourceGroup = await CreateResourceGroup(resourceGroupName);
string networkSecurityGroupName = Recording.GenerateAssetName("azsmnet");
string securityRule1 = Recording.GenerateAssetName("azsmnet");
string securityRule2 = Recording.GenerateAssetName("azsmnet");
string destinationPortRange = "123-3500";
var networkSecurityGroup = new NetworkSecurityGroupData()
{
Location = location,
SecurityRules =
{
new SecurityRuleData()
{
Name = securityRule1,
Access = SecurityRuleAccess.Allow,
Description = "Test security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Inbound,
Priority = 500,
Protocol = SecurityRuleProtocol.Tcp,
SourceAddressPrefix = "*",
SourcePortRange = "655"
}
}
};
// Put Nsg
var networkSecurityGroupCollection = resourceGroup.GetNetworkSecurityGroups();
var putNsgResponseOperation = await networkSecurityGroupCollection.CreateOrUpdateAsync(networkSecurityGroupName, networkSecurityGroup);
Response <NetworkSecurityGroup> putNsgResponse = await putNsgResponseOperation.WaitForCompletionAsync();;
Assert.AreEqual("Succeeded", putNsgResponse.Value.Data.ProvisioningState.ToString());
// Get NSG
Response <NetworkSecurityGroup> getNsgResponse = await networkSecurityGroupCollection.GetAsync(networkSecurityGroupName);
Assert.AreEqual(networkSecurityGroupName, getNsgResponse.Value.Data.Name);
Assert.AreEqual(6, getNsgResponse.Value.Data.DefaultSecurityRules.Count);
Assert.AreEqual("AllowVnetInBound", getNsgResponse.Value.Data.DefaultSecurityRules[0].Name);
Assert.AreEqual("AllowAzureLoadBalancerInBound", getNsgResponse.Value.Data.DefaultSecurityRules[1].Name);
Assert.AreEqual("DenyAllInBound", getNsgResponse.Value.Data.DefaultSecurityRules[2].Name);
Assert.AreEqual("AllowVnetOutBound", getNsgResponse.Value.Data.DefaultSecurityRules[3].Name);
Assert.AreEqual("AllowInternetOutBound", getNsgResponse.Value.Data.DefaultSecurityRules[4].Name);
Assert.AreEqual("DenyAllOutBound", getNsgResponse.Value.Data.DefaultSecurityRules[5].Name);
// Verify the security rule
Assert.AreEqual(SecurityRuleAccess.Allow, getNsgResponse.Value.Data.SecurityRules[0].Access);
Assert.AreEqual("Test security rule", getNsgResponse.Value.Data.SecurityRules[0].Description);
Assert.AreEqual("*", getNsgResponse.Value.Data.SecurityRules[0].DestinationAddressPrefix);
Assert.AreEqual(destinationPortRange, getNsgResponse.Value.Data.SecurityRules[0].DestinationPortRange);
Assert.AreEqual(SecurityRuleDirection.Inbound, getNsgResponse.Value.Data.SecurityRules[0].Direction);
Assert.AreEqual(500, getNsgResponse.Value.Data.SecurityRules[0].Priority);
Assert.AreEqual(SecurityRuleProtocol.Tcp, getNsgResponse.Value.Data.SecurityRules[0].Protocol);
Assert.AreEqual("Succeeded", getNsgResponse.Value.Data.SecurityRules[0].ProvisioningState.ToString());
Assert.AreEqual("*", getNsgResponse.Value.Data.SecurityRules[0].SourceAddressPrefix);
Assert.AreEqual("655", getNsgResponse.Value.Data.SecurityRules[0].SourcePortRange);
// List NSG
AsyncPageable <NetworkSecurityGroup> listNsgResponseAP = networkSecurityGroupCollection.GetAllAsync();
List <NetworkSecurityGroup> listNsgResponse = await listNsgResponseAP.ToEnumerableAsync();
Has.One.EqualTo(listNsgResponse);
Assert.AreEqual(networkSecurityGroupName, listNsgResponse.First().Data.Name);
Assert.AreEqual(6, listNsgResponse.First().Data.DefaultSecurityRules.Count);
Assert.AreEqual("AllowVnetInBound", listNsgResponse.First().Data.DefaultSecurityRules[0].Name);
Assert.AreEqual("AllowAzureLoadBalancerInBound", listNsgResponse.First().Data.DefaultSecurityRules[1].Name);
Assert.AreEqual("DenyAllInBound", listNsgResponse.First().Data.DefaultSecurityRules[2].Name);
Assert.AreEqual("AllowVnetOutBound", listNsgResponse.First().Data.DefaultSecurityRules[3].Name);
Assert.AreEqual("AllowInternetOutBound", listNsgResponse.First().Data.DefaultSecurityRules[4].Name);
Assert.AreEqual("DenyAllOutBound", listNsgResponse.First().Data.DefaultSecurityRules[5].Name);
Assert.AreEqual(getNsgResponse.Value.Data.Etag, listNsgResponse.First().Data.Etag);
// List NSG in a subscription
AsyncPageable <NetworkSecurityGroup> listNsgSubsciptionResponseAP = subscription.GetNetworkSecurityGroupsAsync();
List <NetworkSecurityGroup> listNsgSubsciptionResponse = await listNsgSubsciptionResponseAP.ToEnumerableAsync();
Assert.IsNotEmpty(listNsgSubsciptionResponse);
// Add a new security rule
var SecurityRule = new SecurityRuleData()
{
Name = securityRule2,
Access = SecurityRuleAccess.Deny,
Description = "Test outbound security rule",
DestinationAddressPrefix = "*",
DestinationPortRange = destinationPortRange,
Direction = SecurityRuleDirection.Outbound,
Priority = 501,
Protocol = SecurityRuleProtocol.Udp,
SourceAddressPrefix = "*",
SourcePortRange = "656",
};
networkSecurityGroup.SecurityRules.Add(SecurityRule);
putNsgResponseOperation = await networkSecurityGroupCollection.CreateOrUpdateAsync(networkSecurityGroupName, networkSecurityGroup);
await putNsgResponseOperation.WaitForCompletionAsync();;
// Get NSG
getNsgResponse = await networkSecurityGroupCollection.GetAsync(networkSecurityGroupName);
// Verify the security rule
Assert.AreEqual(SecurityRuleAccess.Deny, getNsgResponse.Value.Data.SecurityRules[1].Access);
Assert.AreEqual("Test outbound security rule", getNsgResponse.Value.Data.SecurityRules[1].Description);
Assert.AreEqual("*", getNsgResponse.Value.Data.SecurityRules[1].DestinationAddressPrefix);
Assert.AreEqual(destinationPortRange, getNsgResponse.Value.Data.SecurityRules[1].DestinationPortRange);
Assert.AreEqual(SecurityRuleDirection.Outbound, getNsgResponse.Value.Data.SecurityRules[1].Direction);
Assert.AreEqual(501, getNsgResponse.Value.Data.SecurityRules[1].Priority);
Assert.AreEqual(SecurityRuleProtocol.Udp, getNsgResponse.Value.Data.SecurityRules[1].Protocol);
Assert.AreEqual("Succeeded", getNsgResponse.Value.Data.SecurityRules[1].ProvisioningState.ToString());
Assert.AreEqual("*", getNsgResponse.Value.Data.SecurityRules[1].SourceAddressPrefix);
Assert.AreEqual("656", getNsgResponse.Value.Data.SecurityRules[1].SourcePortRange);
// List Default Security Groups
AsyncPageable <SecurityRuleData> listDefaultSecurityGroupsAP = getNsgResponse.Value.GetDefaultSecurityRulesAsync();
List <SecurityRuleData> listDefaultSecurityGroups = await listDefaultSecurityGroupsAP.ToEnumerableAsync();
Assert.IsNotEmpty(listDefaultSecurityGroups);
// Get Defaul Security Group
// TODO: ADO 5975
//Response<SecurityRuleData> getDefaultSecurityGroups = await getNsgResponse.Value.GetDefaultSecurityRuleAsync();
//Assert.AreEqual(listDefaultSecurityGroups.First().Name, getDefaultSecurityGroups.Value.Name);
// Delete NSG
await putNsgResponse.Value.DeleteAsync();
// List NSG
listNsgResponseAP = networkSecurityGroupCollection.GetAllAsync();
listNsgResponse = await listNsgResponseAP.ToEnumerableAsync();
Assert.IsEmpty(listNsgResponse);
}
internal static SecurityRuleAssociations DeserializeSecurityRuleAssociations(JsonElement element)
{
Optional <NetworkInterfaceAssociation> networkInterfaceAssociation = default;
Optional <SubnetAssociation> subnetAssociation = default;
Optional <IReadOnlyList <SecurityRuleData> > defaultSecurityRules = default;
Optional <IReadOnlyList <EffectiveNetworkSecurityRule> > effectiveSecurityRules = default;
foreach (var property in element.EnumerateObject())
{
if (property.NameEquals("networkInterfaceAssociation"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
networkInterfaceAssociation = NetworkInterfaceAssociation.DeserializeNetworkInterfaceAssociation(property.Value);
continue;
}
if (property.NameEquals("subnetAssociation"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
subnetAssociation = SubnetAssociation.DeserializeSubnetAssociation(property.Value);
continue;
}
if (property.NameEquals("defaultSecurityRules"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
List <SecurityRuleData> array = new List <SecurityRuleData>();
foreach (var item in property.Value.EnumerateArray())
{
array.Add(SecurityRuleData.DeserializeSecurityRuleData(item));
}
defaultSecurityRules = array;
continue;
}
if (property.NameEquals("effectiveSecurityRules"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
List <EffectiveNetworkSecurityRule> array = new List <EffectiveNetworkSecurityRule>();
foreach (var item in property.Value.EnumerateArray())
{
array.Add(EffectiveNetworkSecurityRule.DeserializeEffectiveNetworkSecurityRule(item));
}
effectiveSecurityRules = array;
continue;
}
}
return(new SecurityRuleAssociations(networkInterfaceAssociation.Value, subnetAssociation.Value, Optional.ToList(defaultSecurityRules), Optional.ToList(effectiveSecurityRules)));
}
